Hi,

> Just a quick review. If I understand correctly, the guest never sends
> filenames to the guest. Instead filenames are discovered using readdir
> inside QEMU and the guest accesses objects by handle.

Correct.

> This seems like a
> good property for security since it eliminates '..' escaping attacks.

Yes. Additionally the code filters out everything but directories and regular files, so the guest wouldn't see any special inodes (block, char, socket, pipe). And it also doesn't follow symlinks.

I'll go over the other comments (and the other review mail) tomorrow.

cheers,
  Gerd

PS: Funny thing that the reviews start coming in when I send pull requests. The patches have been on the list a few weeks back already (during 2.0 freeze, that's why the long delay between [patch] and [pull]). No comments. Should I consider going straight for a pull request to get reviews faster?
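
The listing policy described in the mail above, as an added example that is not part of the original mail and is not QEMU's code. The names struct obj, scan_dir and make_fixture, and the handle numbering, are hypothetical; the fixture directory is constructed.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct obj { unsigned handle; int is_dir; char name[256]; }; /* hypothetical table entry */

/* Host-side listing: keep only regular files and directories, never follow
 * symlinks, and give each kept entry an opaque handle for the guest. */
int scan_dir(const char *path, struct obj *out, int max)
{
    DIR *d = opendir(path);
    struct dirent *e;
    struct stat st;
    int n = 0;
    if (!d)
        return -1;
    while (n < max && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        /* AT_SYMLINK_NOFOLLOW: a symlink is seen as a symlink, not as its target */
        if (fstatat(dirfd(d), e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
            continue;
        if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode))
            continue; /* drops symlink, block, char, socket, pipe */
        out[n].handle = 0x1000 + n; /* constructed numbering */
        out[n].is_dir = S_ISDIR(st.st_mode);
        snprintf(out[n].name, sizeof out[n].name, "%s", e->d_name);
        n++;
    }
    closedir(d);
    return n;
}

/* Constructed fixture: one file, one directory, one symlink, one FIFO. */
int make_fixture(char *tmpl)
{
    int rc, fd = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    if (fd < 0) return -1;
    close(openat(fd, "photo.jpg", O_CREAT | O_WRONLY, 0600));
    rc = mkdirat(fd, "album", 0700) | symlinkat("album", fd, "link") |
         mkfifoat(fd, "pipe", 0600);
    close(fd);
    return rc; /* 0 on success */
}
```

The symlink in the fixture points at a directory, so a stat() that followed it would have let it through the filter; with AT_SYMLINK_NOFOLLOW it is dropped along with the FIFO.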